Asia Information Security Community Blog – Risk & Cybersecurity

1.2 billion username and password combinations, and more than half a billion email addresses, are in the hands of a Russian crime syndicate, according to a New York Times report.

The database was apparently discovered by researchers at Hold Security. They haven’t disclosed which websites are affected, but there’s a whopping 420,000 of them and they range from Fortune 500 firms to “very small websites.” Hold, which is about to present its findings at Black Hat this week, isn’t naming any of the affected sites just yet because of non-disclosure agreements and the fact that many remain unpatched.

This is probably the biggest illicit stash of personal information that has yet been found. However, as Forbes has pointed out, Hold also charges companies to tell them whether or not their website has been breached — there’s arguably a potential conflict of interest here, though it’s worth noting that the…